Episodes

  • Beyond the Black Box: An AppSec Guide to AI
    2026/04/17

    Most organizations are still securing AI like traditional systems, but AI changes the rules entirely. In this episode, leading security experts Jim Roten and Manesh Kumar Yadav from SAP reveal how AI’s probabilistic nature, supply chain risks, and emerging attack surfaces like prompt injection demand a complete overhaul of modern security strategy.

    From model poisoning to AI-driven data exfiltration, they break down the real risks in AI-powered environments—and what security teams must do differently. You’ll gain practical insights on adapting threat modeling, securing model provenance, implementing AI-specific guardrails, and embedding security early in the development lifecycle.

    This episode cuts through the hype to deliver actionable strategies for rethinking risk, strengthening defenses, and building resilient AI systems. If you’re responsible for protecting modern applications, this is essential listening.

    https://cloudsecurityalliance.org/star/

    38 min
  • The Importance of AI Ready Data - How AI Is Changing Data Security and Quality
    2026/03/16

    This episode explores how AI is transforming data management, governance, and security. Ben Wilcox, CTO with extensive cloud experience, discusses the shift from data sprawl to quality, the security implications, and best practices for organizations to prepare for AI-driven data strategies.

    Key Topics

    • Impact of AI on data sprawl and governance
    • Importance of data quality for AI effectiveness
    • Security risks associated with uncontrolled data sprawl
    • Best practices for AI data environment architecture
    • The role of data governance and lifecycle management in AI

    https://cloudsecurityalliance.org/star/

    25 min
  • The importance of Cybersecurity in Education
    2026/03/10

    Cyberattacks dominate today’s headlines, and in many cases, the weakest link isn’t technology—it’s people. In this episode, cybersecurity leader and educator Francisco Garcia Martinez, a member of the Technical Operations Committee of the Cloud Security Alliance, Spanish Chapter (CSA-ES), explores why cybersecurity education must evolve to meet the realities of an AI-driven world. As some countries introduce AI into high school curricula, many education systems still rely on outdated programs that fail to teach the critical thinking and security awareness needed in today’s digital landscape. Fran discusses how universities, governments, and industry can better prepare the next generation by focusing on foundational security principles, analytical thinking, and real-world technologies like cloud and AI, ensuring cybersecurity becomes a core skill for everyone, not just technical professionals.


    https://cloudsecurityalliance.org/star/

    28 min
  • From Pilot to Production: Preventing Breaches in AI Platforms
    2026/02/24

    Artificial intelligence is no longer confined to innovation labs or pilot programs. As enterprises deploy GenAI and MLOps platforms across Azure, AWS, and hybrid environments, AI is becoming a first-class cloud workload, and that shift is exposing security models that were never designed for autonomous, adaptive systems.

    In this episode, we’re joined by Milan Rana, Principal AI Architect at Headstorm, to explore what actually breaks when organizations scale AI in production. Drawing from hands-on experience building secure AI landing zones for regulated enterprises, Milan moves beyond theory to highlight real-world failure points, architectural tradeoffs, and governance gaps.

    https://cloudsecurityalliance.org/star/

    22 min
  • Beyond Encryption: Quantum Computing and the Future of Cyber Risk
    2026/01/28

    In this episode, we delve into the transformative world of quantum computing and its implications for cybersecurity. Join us as William (Bill) Genovese, Chief Quantum Officer at Cyber Eagle Project, shares insights on how quantum technology is reshaping cyber risk, governance, and resilience. Discover why organizations must prepare now for a quantum future, the challenges of transitioning to post-quantum encryption, and the strategic steps leaders should take to safeguard their digital assets. Tune in to explore the intersection of quantum advancements and cybersecurity with industry experts.

    https://cloudsecurityalliance.org/star/

    39 min
  • The New Mandate for Internal Audit in Cloud & AI Environments
    2026/01/23

    As organizations accelerate their adoption of cloud and AI technologies, internal audit teams face mounting pressure to evaluate increasingly complex hybrid and multi-cloud environments. In this episode, the Cloud Security Alliance’s John DiMaria sits down with Jerrad Bartczak of Advantage Partners to examine the rapidly evolving cloud risk landscape—spanning unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows.

    Listeners will gain practical guidance on establishing strong cloud governance, clarifying accountability, assessing cloud and data security posture, evaluating identity and access controls, securing application development, and addressing third-party cloud risk. The conversation also explores how frameworks such as the CSA Cloud Controls Matrix can support a structured, multi-year cloud audit strategy. Ultimately, this episode reinforces that cloud security is a strategic business imperative that requires collaboration, continuous monitoring, and a unified approach to risk management.

    https://cloudsecurityalliance.org/star/

    26 min
  • Navigating AI Governance Insights - ISO 42001: The Future of AI Compliance
    2026/01/09

    In this episode of CSA Security Update, host John DiMaria speaks with Walter Haydock, founder of StackAware, about the critical role of AI governance and compliance in today's rapidly evolving regulatory landscape. They discuss the importance of ISO 42001 as a framework for managing AI-related risks while fostering innovation. Walter shares insights on how certification can build trust with customers and streamline sales processes, as well as the challenges organizations face in navigating a patchwork of regulations. Drawing from his military background, Walter emphasizes the necessity of making informed decisions in risk management. The conversation concludes with a forward-looking perspective on the future of AI in business.

    https://cloudsecurityalliance.org/star/

    17 min
  • AI Governance Gets Real: How ISO/IEC 42001 Elevates Cloud GRC
    2025/12/11

    As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001, the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governance. You’ll learn how this standard helps organizations operationalize AI risk management while ensuring accountability, transparency, and compliance across modern cloud ecosystems.

    We break down practical strategies for integrating ISO/IEC 42001 into existing GRC programs—without duplicating effort or creating parallel processes.

    John DiMaria interviews Tanya Tandon, Senior GRC & Risk Advisor for VISO TRUST, who draws on real-world experience as an ISO/IEC 42001 Lead Auditor to offer actionable guidance for building trustworthy AI systems, preparing for certification, and managing third-party AI risks. Whether you’re a security leader, auditor, compliance professional, or AI practitioner, you’ll gain practical insights on embedding ISO 42001 requirements into daily AI operations and aligning them with broader enterprise GRC strategies.

    https://cloudsecurityalliance.org/star/

    26 min